Content-Type: multipart/mixed; boundary="_----------=_150611416395800" MIME-Version: 1.0 Date: Fri, 22 Sep 2017 21:02:43 +0000 
From: "Tim Zingelman" Subject: CVS commit: pkgsrc/security/openssl To: pkgsrc-changes@NetBSD.org Reply-To: tez@netbsd.org X-Mailer: log_accum Message-Id: <20170922210243.A03D8FA9A@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: pkgsrc-changes.NetBSD.org Precedence: bulk List-Unsubscribe: This is a multi-part message in MIME format. --_----------=_150611416395800 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: tez Date: Fri Sep 22 21:02:43 UTC 2017 Modified Files: pkgsrc/security/openssl: Makefile distinfo Added Files: pkgsrc/security/openssl/patches: patch-crypto_x509v3_v3_addr.c Log Message: openssl: fix for CVE-2017-3735 To generate a diff of this commit: cvs rdiff -u -r1.231 -r1.232 pkgsrc/security/openssl/Makefile cvs rdiff -u -r1.127 -r1.128 pkgsrc/security/openssl/distinfo cvs rdiff -u -r0 -r1.1 \ pkgsrc/security/openssl/patches/patch-crypto_x509v3_v3_addr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_150611416395800 Content-Disposition: inline Content-Length: 2677 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/security/openssl/Makefile diff -u pkgsrc/security/openssl/Makefile:1.231 pkgsrc/security/openssl/Makefile:1.232 --- pkgsrc/security/openssl/Makefile:1.231 Sat Aug 5 11:06:29 2017 +++ pkgsrc/security/openssl/Makefile Fri Sep 22 21:02:43 2017 
@@ -1,6 +1,7 @@ -# $NetBSD: Makefile,v 1.231 2017/08/05 11:06:29 bsiegert Exp $ +# $NetBSD: Makefile,v 1.232 2017/09/22 21:02:43 tez Exp $ DISTNAME= openssl-1.0.2k +PKGREVISION= 1 CATEGORIES= security MASTER_SITES= https://www.openssl.org/source/ Index: pkgsrc/security/openssl/distinfo diff -u pkgsrc/security/openssl/distinfo:1.127 pkgsrc/security/openssl/distinfo:1.128 --- pkgsrc/security/openssl/distinfo:1.127 Thu Jan 26 16:31:57 2017 +++ pkgsrc/security/openssl/distinfo Fri Sep 22 21:02:43 2017 @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.127 2017/01/26 16:31:57 jperkin Exp $ +$NetBSD: distinfo,v 1.128 2017/09/22 21:02:43 tez Exp $ SHA1 (openssl-1.0.2k.tar.gz) = 5f26a624479c51847ebd2f22bb9f84b3b44dcb44 RMD160 (openssl-1.0.2k.tar.gz) = 56b70831e49f83987ec14b3878d0d693f9a7d862 @@ -11,4 +11,5 @@ SHA1 (patch-apps_Makefile) = 60113291f2a SHA1 (patch-config) = 345cadece3bdf0ef0a273a6c9ba6d0cbb1026a31 SHA1 (patch-crypto_bn_bn__prime.pl) = a516f3709a862d85e659d466e895419b1e0a94c8 SHA1 (patch-crypto_des_Makefile) = 7a23f9883ff6c93ec0e5d08e1332cc95de8cdba2 +SHA1 (patch-crypto_x509v3_v3_addr.c) = 0782668ce0748b58eda9036ee93fa926e575698b SHA1 (patch-tools_Makefile) = 67f0b9b501969382fd89b678c277d32bf5d294bc Added files: Index: pkgsrc/security/openssl/patches/patch-crypto_x509v3_v3_addr.c diff -u /dev/null pkgsrc/security/openssl/patches/patch-crypto_x509v3_v3_addr.c:1.1 --- /dev/null Fri Sep 22 21:02:43 2017 +++ pkgsrc/security/openssl/patches/patch-crypto_x509v3_v3_addr.c Fri Sep 22 21:02:43 2017 
@@ -0,0 +1,25 @@ +$NetBSD: patch-crypto_x509v3_v3_addr.c,v 1.1 2017/09/22 21:02:43 tez Exp $ + +Patch for CVE-2017-3735 from +https://github.com/openssl/openssl/commit/31c8b265591a0aaa462a1f3eb5770661aaac67db + + +--- crypto/x509v3/v3_addr.c ++++ crypto/x509v3/v3_addr.c +@@ -130,10 +130,12 @@ static int length_from_afi(const unsigned afi) + */ + unsigned int v3_addr_get_afi(const IPAddressFamily *f) + { +- return ((f != NULL && +- f->addressFamily != NULL && f->addressFamily->data != NULL) +- ? ((f->addressFamily->data[0] << 8) | (f->addressFamily->data[1])) +- : 0); ++ if (f == NULL ++ || f->addressFamily == NULL ++ || f->addressFamily->data == NULL ++ || f->addressFamily->length < 2) ++ return 0; ++ return (f->addressFamily->data[0] << 8) | f->addressFamily->data[1]; + } + + /* --_----------=_150611416395800--
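Review bot: In the pkgsrc/security/openssl/Makefile hunk, "PKGREVISION= 1" is added directly under "DISTNAME= openssl-1.0.2k" with nothing tying it to the new patch file. Since patch-crypto_x509v3_v3_addr.c is a backport of an upstream commit, a one-line comment next to PKGREVISION naming that patch would remind whoever next bumps DISTNAME to drop the patch, its distinfo line and the PKGREVISION together.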
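Review bot: In the crypto/x509v3/v3_addr.c hunk, the new "f->addressFamily->length < 2" branch of v3_addr_get_afi() returns 0, the same value already returned for a NULL family or NULL data, so a caller cannot tell a truncated addressFamily from an absent one and is only safe if it treats 0 as an invalid AFI. A short comment above the checks saying that the AFI is read from data[0] and data[1], hence the minimum length of 2, and that 0 is the "malformed or missing" result would make the contract explicit. The check also protects only reads that go through this function, so it is worth confirming that no other code in the file indexes f->addressFamily->data directly without its own length test.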